Biometric Authentication

ABSTRACT

A biometric authentication system is disclosed that provides a trusted third party biometric authentication capability for independent confirmation of identity of parties. A repository of biometric templates for registered parties is disclosed that permit a biometric authenticator to perform independent authentication services for other parties by matching received biometric information against biometric information in the repository, or by providing requested biometric information.

BACKGROUND

Determining identity of an individual is often required to ensure thattransaction between parties may be protected. Thus, technology isrequired to provide authentication for use in transactions.

SUMMARY

A biometric authentication system is disclosed that provides a trustedthird party biometric authentication capability for independentconfirmation of identity of individuals. The biometric authenticationsystem may include a biometric authenticator that has a repository ofbiometric templates for registered individuals. Thus, when registeredindividuals are engaged in transactions, their identities may beconfirmed by comparing their biometric data with biometric templatesstored in the repository. A single set of biometric templates may beused to confirm identities for transactions with any number oforganizations.

For example, when traveling, a registered party may desire to cash apersonal check in a foreign country. A foreign bank may request from theregistered party biometric data such as a retina scan, a fingerprint, afacial scan, an ear scan, etc. The captured biometric data together withan identification such as a name or a social security number or itsequivalent, for example, may be transmitted to the biometricauthenticator. The biometric authenticator may compare the receivedbiometric data with biometric templates corresponding to the identifiedperson. If a match is obtained, then the biometric authenticator mayreturn an authentication certificate to the bank so that bank may beconfident that the party is not an imposter and can proceed to cash thecheck after verifying that sufficient funds are in the checking account,for example.

Biometric templates may be trained by capturing biometric data fromregistering parties during registration using biometric data capturedevices such as retina scanners, fingerprint recorders, camera's,microphones, ear scanners, DNA profilers, etc. A template may be apattern, a model, etc., that is trained using biometric data such asones obtained during registration and may be used to verify authenticityof received biometric data during authentication. Templates may bestored in the repository of the biometric authenticator so that uponrequest, the templates may be used to authenticate a party by comparingsupplied biometric data against the biometric templates.

Security may be increased by using text-independent speaker verification(SV) where a party is requested to speak a phrase that may be unique foreach authentication event to generate an audio input, for example. Theaudio input may be digitized into a voice print and features of thevoice print may be extracted and compared against a stored voice printtemplate. Additionally, a voice print may be converted into an audiosignal for authentication by comparing samples of a party's recordedspeech against the audio signal provided by a party when speaking aphrase.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is described in detail with reference to the followingfigures, wherein like numerals reference like elements, and wherein:

FIG. 1 shows an exemplary diagram of a third party biometricauthentication system;

FIG. 2 shows an exemplary system for capturing biometric data;

FIG. 3 shows an exemplary data structure in a repository for biometricdata;

FIG. 4 shows an exemplary table of group identities;

FIG. 5 shows an exemplary block diagram of a biometric authenticator;

FIG. 6 shows a flowchart of an exemplary process for authenticating anidentity of a party; and

FIG. 7 shows a flowchart of an exemplary process for registering firstparties.

DETAILED DESCRIPTION OF EMBODIMENTS

FIG. 1 shows an exemplary block diagram of a trusted third partybiometric authentication system 100 that may include first party systems104-106, second party systems 108-110, and a biometric authenticator 112that maintains a repository 114. All of these components may be coupledvia network 102. Network 102 may be any combination of networks such asintemets, local area networks (LANs), wide area networks (WANs),wireless, wired, optical, etc. Biometric authenticator 112 may be atrusted independent party providing biometric authentication services tofirst and second parties 104, 106 and 108, 110, respectively. Secondparty systems 108 and 110 may be operated by various business entities,for example, such as a bank, a credit card company, a vendor, etc., thatmay engage in transactions with first parties operating first partysystems 104-106, or immediately with first parties without the use offirst party systems 104-106.

For example, a first party using first party system 104 may be engagedin an online banking transaction such as paying a bill with a bank thatis using second party system 108. Before completing the transaction,second party system 108 may request biometric data from first partysystem 104 to confirm the identity of the first party. First partysystem 104 may issue a request to the first party for one or more of aretina scan, a fingerprint, a facial image, an ear scan, etc., usingbiometric data capture devices that may be coupled to first party system104. After receiving the requested biometric data, first party system104 may transmit the received biometric data to second party system 108for authentication. Second party system 108 may request biometrictemplates from biometric authenticator 112 and perform theauthentication process or forward the biometric data to biometricauthenticator 112 for authentication. Alternatively instead of sendingthe biometric data to second party system 108, first party system 104may be instructed to send the biometric data directly to biometricauthenticator 112 for authentication.

A request for authentication and associated biometric data may bereceived with a claimed identification of a first party. Biometricauthenticator 112 may use the claimed identity to search repository 114for biometric templates belonging to that first party. Biometric datamay not exactly match biometric templates. Thus, one or more thresholdsmay be established so that a confidence level may be established basedon biometric data/biometric template(s) comparison(s). Biometricauthenticator 112 may provide either an authentication certificate whencomparison results exceed appropriate thresholds sufficiently to declarea “match,” and/or a confidence score so that the second party maydetermine whether or not the authentication is successful. The secondparty may, for example, request additional biometric data possibility toincrease the confidence score to a desired value. If an acceptableconfidence score has been achieved, then the second party may choose tocomplete the associated transaction.

If the second party desires to perform the authentication process andrequests one or more biometric templates for an identified party,biometric authenticator 112 may retrieve corresponding biometrictemplates based on the claimed identity of that parry, and transmit thebiometric templates to second party system 108. In this way, secondparty system 108 may use its own matching techniques so that desiredconfidence levels may be obtained.

Text-independent speaker verification also may be used as a form ofbiometric authentication. For example, second party system 108 orbiometric authenticator 112 may request the first party to speak aprovided phrase to generate an audio signal. The audio signal receivedby a microphone of first party system 104 may be digitized into a voiceprint. Features extracted from the voice print may be transmitted tosecond party system 108 or to biometric authenticator 112 for comparisonagainst appropriate templates. The voice print may also be transmittedand converted into an audio signal and output for audio confirmation byan operator in addition to automated authentication.

Biometric authenticator 112 may provide a first party identificationbased on provided biometric data as well as authenticate an identity ofa first party based on the provided biometric data. For example, secondparty system 108 may send biometric data without also providing acorresponding claimed identity. Biometric authenticator 112 may searchrepository 114 for biometric templates that match the provided biometricdata and return one or more identities that may correspond to theprovided biometric data.

Repository 114 may provide a grouping of the biometric templates. Secondparty system 108 may send biometric data along with a group identifier.Biometric authenticator 112 may restrict the search for matchingbiometric templates only within the identified group, thus reducing anumber of false positive identities. For example, a family might all usethe same voicemail account, but have separate mail boxes. The voicemailsystem may obtain biometric data by requiring a first party accessingthe voicemail to speak a pass phrase. When speech for the pass phrase isreceived as the biometric data, the voicemail system may send thebiometric data along with an identifier for the family voicemailidentified by the family name, for example. Biometric authenticator mayrestrict the search only to voice templates among those belonging to thefamily. Biometric authenticator may return an individual identity and aconfidence score to the voicemail system for determination of whether toprovide access to a correct mail box.

The phrase used in speaker verification may be generated by either thesecond party or biometric authenticator 112 in a manner that would makeit difficult to predict its contents. The phrase may be generated from alarge corpus of phrases, a source of random words, or spontaneously froma prior communication, for example. The generated phrases or words maybe saved for each first party in repository 114 either for later use orfor guaranteeing that the phrases are not used again. Instead of savingthe used phrases or words, they may be deleted to avoid copying byimposters.

In view of the above, trusted third party biometric authenticator 112may maintain security of repository 114, provide uniform and costeffective authentication services and relieve first and second partiesof security tasks. For example, second parties are not required tomaintain voice security for their services on their site or platformsand first parties are relieved of maintaining security of individualdevices such as PDAs and laptops. Additionally, first parties may needto provide biometric data once for training templates and thus avoidtemplate training process for every vendor that they deal with.

While the above discussion is based on an online banking example, othertypes of transactions may also take advantage of services of a biometricauthenticator 112. For example, when engaged in an online purchase, avendor may request biometric data from a prospective purchaser andrequest authentication of the prospective purchaser's identity inconnection with a credit card. Biometric authenticator 112 may provideconfirmation that the prospective purchaser is an authorized user of thecredit card, for example. Additionally, the first party may not be usingfirst party system 104. Instead, the first party may be physically at asecond party facility engaged in a transaction with the second party.Prior to completing the transaction, the second party may request thefirst party to provide biometric data using biometric data recorders atthe second party facility, for example. The transaction between thefirst and second parties may be completed upon successful authenticationeither by biometric authenticator 112 or by the second party usingtemplates provided by biometric authenticator 112.

FIG. 2 shows an exemplary end-user system 200 that includes a controlprocessor 202, a display 204, a keyboard 206, a mouse 208, speakers 210,a camera 212, a microphone 214, a retina scanner 216 and a fingerprintrecorder 218. While FIG. 2 shows that the end-user system 200 includesmany different types of biometric data capture devices, 212-218, anend-user system may include any combination of one or more of thesebiometric capture devices 212-218 as well as other types of biometricdata capture devices such as DNA profiler, ear scanner, etc. Forexample, end-user system 200 may include only microphone 214 to receivean audio input so that control processor 202 may generate a voice print.Also, biometric data capture devices 212-218 may be combined into asingle device that is capable of capturing all types of theabove-mentioned and other biometric data.

Additionally, while FIG. 2 shows biometric data capture devices 212-218connected directly to control processor 202, they may be connectedindirectly via a network such as network 102, for example. The biometricdata capture devices 212-218 may be physically disposed in a remotelocation relative to controller processor 202. Also, end-user system 200may represent first party systems 104-106, second party systems 108-110or biometric authenticator 112. For example, if end-user system 200represents first party system 104, then such a system may include onlycamera 212 and microphone 214 as biometric data capture devices. A firstparty may operate end-user system 200 using keyboard 206 and mouse 208and input biometric data such as speech input via microphone 214 andfacial image or ear scan via camera 212.

If end-user system 200 represents second party system 108, for example,then biometric data capture devices 212-218 may not be included at alland end-user system 200 may include only programs for requestingbiometric data from first parties and biometric templates from biometricauthenticator 112 and perform the authentication process. Ifauthentication is performed by biometric authenticator 112, end-usersystem 200 may only include programs for interfacing with first partiesand biometric authenticator 112.

Alternatively, second party systems 108-110 may include partyregistration facilities that provide biometric data capture devices forcapturing biometric data from registering parties. For example,biometric capture devices 212-218 may be located in a specified areawhere registered parties may be instructed to provide their biometricdata as part of a registration process. The data captured in this mannermay be provided to biometric authenticator 112 for creation and storageof templates for future authentication processes. First parties may alsoperform the registration process using first party systems 104-106 thatmay collect biometric data as part of a service provided by a secondparty and/or the biometric authenticator 112.

If end-user system 200 represents biometric authenticator 112, thencontrol processor 202 may be capable of high volume processing so thatmany different second party systems 108-110 may be supported. Biometricdata capture devices 212-218 may be located in party registrationfacilities so that potential first parties may be registered withbiometric authenticator 112 in addition to registration facilities thatmay be provided by second parties; as noted above.

Control processor 202 may be coupled to a mass storage device thatserves as memory for repository 114. For example, FIG. 3 shows anexemplary data structure 240 for repository 114 that may include records242-246 corresponding to each registered party, for example. Each of therecords 242-246 may include an identification field 248, multiplebiometric data entries 252 where each biometric data entry may includemultiple fields 250. For example, record 242 may include entries for aretina scan, a fingerprint, a facial image, a voice print, etc. Forexample, fields 250 may include information such as a copy of actualbiometric data, recordation date/time corresponding to the biometricdata, a biometric template for each type of biometric data that may begenerated via a training process during registration, etc.

FIG. 4 shows an exemplary table that may be indexed according to groupidentities. For example, FIG. 4 shows group identities n, n+1, . . . ,n+p grouping groups m1, m2, . . . , mp first parties together,respectively. Pointers to records of the identified first parties formentries in the table so that biometric authenticator 112 may easilyaccess biometric templates for each of the identified first parties whensearching for a match to provided biometric data. Thus, when a secondparty requests retrieval of an identification for a provided biometricdata for a particular group identity, biometric authenticator 112 maylimit its search for a matching biometric template to only thoseidentifications identified by the table under the provided groupidentity. Similarly, the second party may provide a claimed identity anda group identity so that biometric authenticator may determine whetherthe identity is included within the provided group identity even withoutperforming biometric comparison between provided biometric data andbiometric templates.

The above-discussed biometric data entries and corresponding fields areexamples only. Other different types of biometric data and fields may beadded, or only a subset of the above-discussed biometric entries 252 andfields 250 may be used. Also, while FIG. 3 shows biometric data storedin a table-like manner, other database structures may be used such asrelational databases having indices, link lists, etc. Sophisticateddatabase structures may be used in biometric authenticator 112 because arelatively large volume of biometric data may be stored.

The recordation date/time field of each biometric data entry may providean indication of the age of the biometric data. Depending on the type ofbiometric data, such as facial image, a time limit may be set forupdating the biometric data. For example, when an elapsed time thresholdis exceeded, biometric authenticator 112 may issue requests for updatesof biometric information or biometric data may be requested on a nextopportunity when the associated registered party is engaged in atransaction, for example. Other adaptation schemes may also be used toupdate and improve the biometric templates such as using a differencebetween the received biometric data and a centroid of clusters in thebiometric templates as a trigger to incorporate the received biometricdata, for example.

FIG. 5 shows an exemplary block diagram of biometric authenticator 112that may include a controller 262, a memory 264, an operator interface270, a biometric information comparator 272, a biometric templategenerator 274, and a network interface 266. Memory 264 may comprise oneor more mass storage devices such as ROM, RAM, optical disk(s), harddisk(s), etc. Repository 114 may be stored in memory 264. Repository 114may be stored elsewhere but is shown stored in memory 264 forconvenience. These components may be coupled by a bus 268. Thecomparator and the template generator may be software systems that mayrun on separate processors or on the same processor.

As mentioned above, biometric authenticator 112 may be connected tobiometric data capture devices 212-218. The biometric data capturedevices 212-218 may be either directly coupled to controller 262 via bus268 or remotely connected (as shown by dashed lines) when biometric datacapture devices 212-218 are physically disposed in a location remotefrom controller 262. Also, many copies of biometric data capture devices212-218 may be provided so that party registration may be efficientlyperformed with many registering parties. The data capture devices may bepart of a first party system 104-106. The first party may be requestedto use these devices as part of a registration process operating on asecond party system 108-110, or as part of aregistration processoperating on biometric authenticator 112. Further, the data capturedevices 212-218 may be part of one or more second party systems 108-110and used as part of a registration process. For example, a first partymay be using an Automatic Teller Machine (ATM) at a bank for the firsttime. The ATM may request that the first party provide a finger print ora voice sample for creating a biometric template.

While FIG. 5 shows biometric authenticator 112 using a bus architecture,any type of hardware architecture, including wired and wirelessnetworks, may be used based on implementation details. For example,biometric data capture devices 212-218 may be coupled to bus 268 vianetwork interface devices and memory 264, operator interface 270 andnetwork interface 266 may be individually connected to controller 262.Also, these hardware components may be implemented using any availablehardware technology such as FPGA, PAL, application specific integratedcircuits (ASICs), etc.

When a request for biometric authentication is received via networkinterface 266, controller 262 may retrieve one or more biometrictemplates and/or data from repository 114 such as from memory 264, forexample. Controller 262 may direct the templates to be sent to biometricinformation comparator 272 together with the received biometric data.Biometric information comparator 272 may compare the received biometricinformation (biometric template(s) and/or data) against the one or moreretrieved biometric information and determine whether the result of thecomparison exceeds one or more thresholds corresponding to confidencelevels, for example. Controller 262 may send the confidence level to therequesting second party via network interface 266 and/or anauthentication certificate if a highest confidence level has beenexceeded. If the comparison result fails to exceed a minimum threshold,for example, then controller 262 may issue an authentication failuremessage to the requesting second party via network interface 266. Ifinstead of a request for authentication, biometric authenticator 112received a request for biometric information, controller 262 mayretrieve requested information such as biometric templates fromrepository 114 and forward the biometric information to the requestingsecond party via network interface 266.

If a first party desires to register biometric data with a second party,the second party may issue a prompt to the registering first party via adisplay (not shown), for example, to request the registering first partyto provide the biometric data via one or more of biometric datarecording devices provided by the second party Once received, the secondparty may send the collected biometric data to biometric authenticator112. When received via network interface 266, for example, controller262 may direct the received biometric data to biometric templategenerator 274 to generate one or more biometric templates. If additionalsamples of biometric data are required, controller 262 may make arequest to the second party to again prompt the registering first partyto provide the needed additional biometric data. When all the needed oneor more biometric templates are generated, controller 262 may add a newbiometric record in repository 114 and record the new biometrictemplate(s) in the created biometric record together with recordationdate and time, for example. Alternatively, the second party may transfercontrol over to biometric authenticator 112 for the completeregistration process including interfacing with the registering firstparty.

Repository 114 may be used by many second party systems 108-110 forauthenticating registered first parties to complete transactions. Asnoted above, second party systems 108-110 may also register firstparties and either the biometric data and/or the generated templates maybe provided to biometric authenticator 112 for storage in repository114. Registered first parties may engage in transactions with manydifferent second parties so that significant overlap may occur amongpatrons of various second parties. Thus, repository 114 managed bybiometric authenticator 112 may provide a cost effective authenticationservice without requiring first parties to repeat registration processeswith multiple second parties.

When a second party registers a first party, the collected biometricinformation together with the identification provided by the first partymay be transmitted to biometric authenticator 112. Biometricauthenticator 112 may perform a search of repository 114 to determinewhether the biometric information corresponding to the identified partyis already in repository 114. If biometric information is already inrepository 114, biometric authenticator 112 may compare the biometricinformation retrieved from repository 114 against the newly providedbiometric information to determine whether the two sets of biometricinformation are substantially identical or substantially different. Ifthe two sets of biometric information are substantially identical,biometric authenticator 112 may either store both sets of biometricinformation or select one of the sets for storage. If the two sets ofbiometric information are substantially different, then a message tothat effect may be returned to the second party who may take variousactions such as request additional biometric data, alert authorities forpossible security breach, etc.

Further, biometric authenticator 112 may search repository 114 todetermine whether the newly provided biometric information matchbiometric information that correspond to an identity that is differentthan that provided by the registering first party. If one or morematches are found, then a warning may be sent to the second party, forexample. In this way, unique correspondence between biometricinformation and identities may be maintained.

FIG. 6 shows a flowchart 300 of an exemplary biometric authenticatorprocess for confirming identity of a first party. In step 302, theprocess determines whether a request for authentication is received. Ifa request is received, the process goes to step 304; otherwise, theprocess returns to step 302. In step 304, the process attempts toretrieve from a repository biometric information corresponding to thereceived identity and goes to step 306. In step 306, the processdetermines whether biometric information corresponding to the receivedidentity is found in the repository 114. If the biometric information isfound, the process goes to step 308; otherwise, the process goes to step312.

In step 308, the process determines whether the received biometricinformation matches the retrieved biometric information based on one ormore thresholds and goes to step 310. In step 310, the process returnsto the requesting second party a confidence score corresponding toexceeded thresholds and/or an authentication certificate if a highestthreshold was exceeded and goes to step 314. In step 312, the processreturns a message indicating that information is not available forauthentication, and the process goes to step 314. In step 314, theprocess determines whether another request for authentication isreceived. If another request is received, the process returns to step304; otherwise, the process goes to 316 and ends.

FIG. 7 shows a flowchart 400 of an exemplary process for registering afirst party. In step 402, the process prompts the registering firstparty to provide biometric data via one or more biometric data capturedevice and goes to step 404. In step 404, the process determines whetherthe requested biometric data has been received. If the requestedbiometric data has been received, the process goes to step 412;otherwise, the process goes to step 406. In step 406, the processincrements a timer and goes to step 408. In step 408, the processdetermines whether a maximum time has been exceeded. If the maximum timehas been exceeded, the process goes to step 410; otherwise, the processreturns to step 404. In step 410, the process issues a registrationfailed message and goes to step 426 and ends.

In step 412, the process determines whether additional biometric data isrequired to generate one or more biometric templates. If additionalbiometric data is required, the process returns to step 402; otherwise,the process goes to step 414. In step 414, the process generates one ormore biometric templates and goes to step 416.

In step 416, the process determines whether the received biometric dataand/or the generated biometric templates (biometric information) aresubstantially the same as ones that are already in the repository. Ifsubstantially the same biometric information is already in therepository, the process goes to step 420; otherwise the process goes tostep 418. In step 420, the process determines whether the identityprovided by the registering party is substantially the same as theidentity that corresponds to the biometric information already in therepository. If the identities are substantially the same, the processgoes to step 422; otherwise, the process goes to step 424. In step 422,the process resolves the redundancy between the biometric information ofthe registering party by discarding one of the biometric information orby storing both copies and goes to step 426 and ends. In step 424, theprocess generates a discrepancy alert to the biometric authenticatoroperator, for example, and take appropriate action such as alertingenforcement personnel and goes to step 426 and ends. In step 418, theprocess stores the generated biometric information into the repositoryand goes to step 426 and ends.

While the invention has been described in conjunction with exemplaryembodiments, these embodiments should be viewed as illustrative, notlimiting. Various modifications, substitutes or the like are possiblewithin the spirit and scope of the invention.

1. A method, comprising: receiving, by a server, an authenticationrequest associated with a first party, the authentication requestrequesting a third party to authenticate an electronic transactionassociated with the first party and associated with an identity claimedby a second party; querying, by the server, an electronic database forthe identity claimed by the second party, the electronic database havingelectronic associations between different biometric templates anddifferent identities including the identity claimed by the second party;retrieving, by the server, a biometric template of the differentbiometric templates from the electronic database, the biometric templateelectronically associated with the identity claimed by the second party;retrieving, by the server, biometric data associated with the secondparty to the electronic transaction; comparing, by the server, thebiometric data associated with the second party to the biometrictemplate electronically associated with the identity claimed by thesecond; and determining, by the server, an authentication response tothe authentication request, the authentication response based on thecomparing of the biometric data associated with the second party to thebiometric template electronically associated with the identity claimedby the second party.
 2. The method of claim 1, further comprisingauthenticating the second party to the electronic transaction inresponse to the biometric data matching the biometric template.
 3. Themethod of claim 1, further comprising failing an authentication of thesecond party in response to the biometric data failing to match thebiometric template.
 4. The method of claim 1, further comprising scoringthe comparing of the biometric data to the biometric template.
 5. Themethod of claim 1, further comprising retrieving speech data associatedwith the second party.
 6. The method of claim 5, wherein the speech datafurther comprises a randomly selected phrase that was previously spokenby the second party during a prior conversation with the first party tothe electronic transaction.
 7. The method of claim 6, further comprisingthe comparing the speech data to a threshold level.
 8. A system,comprising: a processor; and a memory device storing code, the code whenexecuted causing the processor to perform operations, the operationscomprising: receiving an authentication request associated with a firstparty, the authentication request requesting a third party tobiometrically authenticate an electronic transaction associated with thefirst party and with an identity claimed by a second party to theelectronic transaction; querying an electronic database for the identityclaimed by the second party, the electronic database having electronicassociations between different biometric templates and differentidentities including the identity claimed by the second party;retrieving a biometric template of the different biometric templatesfrom the electronic database, the biometric template electronicallyassociated with the identity claimed by the second party; retrievinghistorical biometric data commonly associated with both the first partyand the second party; comparing the historical biometric data to thebiometric template retrieved from the electronic database; determiningthe historical biometric data commonly associated with both the firstparty and the second party satisfies the biometric template retrievedfrom the electronic database; and sending an authentication response tothe authentication request, the authentication response confirming abiometric authentication of the identity claimed by the second party. 9.The system of claim 8, wherein the operations further comprisedetermining the historical biometric data fails to satisfy the biometrictemplate.
 10. The system of claim 9, wherein the operations furthercomprise denying an authentication of the second party.
 11. The systemof claim 8, wherein the operations further comprise scoring thecomparing of the historical biometric data to the biometric template.12. The system of claim 8, wherein the retrieving of the historicalbiometric data comprises retrieving speech data associated with thesecond party.
 13. The system of claim 8, wherein the retrieving of thehistorical biometric data comprises retrieving a randomly selectedphrase that was previously spoken by the second party during a priorconversation with the first party to the electronic transaction.
 14. Thesystem of claim 13, wherein the operations further comprise thecomparing the randomly selected phrase to a threshold level.
 15. Amemory device storing instructions that when executed cause a processorto perform operations, the operations comprising: receiving anauthentication request associated with a first party, the authenticationrequest requesting a third party to biometrically authenticate anelectronic transaction associated with the first party and with anidentity claimed by a second party to the electronic transaction;querying an electronic database for the identity claimed by the secondparty, the electronic database having electronic associations betweendifferent biometric templates and different identities including theidentity claimed by the second party; retrieving a biometric template ofthe different biometric templates from the electronic database, thebiometric template electronically associated with the identity claimedby the second party; retrieving historical biometric data commonlyassociated with both the first party and the second party; comparing thehistorical biometric data to the biometric template retrieved from theelectronic database; determining the historical biometric data commonlyassociated with both the first party and the second party satisfies thebiometric template retrieved from the electronic database; and sendingan authentication response to the authentication request, theauthentication response confirming a biometric authentication of theidentity claimed by the second party.
 16. The memory device of claim 15,wherein the operations further comprise determining the historicalbiometric data fails to satisfy the biometric template.
 17. The memorydevice of claim 16, wherein the operations further comprise denying anauthentication of the second party.
 18. The memory device of claim 15,wherein the operations further comprise scoring the comparing of thehistorical biometric data to the biometric template.
 19. The memorydevice of claim 15, wherein the operations further comprise retrieving arandomly selected phrase that was previously spoken by the second partyduring a prior conversation with the first party to the electronictransaction.
 20. The memory device of claim 19, wherein the operationsfurther comprise the comparing the randomly selected phrase to athreshold level.